description "Datadog Security Agent"

start on started datadog-agent
stop on (runlevel [!2345] or stopping datadog-agent)

respawn
respawn limit 10 5
normal exit 0

console output

script
  # Logging to console from the agent is disabled since the agent already logs using file or
  # syslog depending on its configuration. We then redirect the stdout/stderr of the agent process
  # to log panic/crashes.
  exec <%= install_dir %>/embedded/bin/security-agent start -c <%= etc_dir %>/datadog.yaml -c <%= etc_dir %>/security-agent.yaml -p <%= install_dir %>/run/security-agent.pid &>> /var/log/datadog/security-errors.log
end script

pre-start script
  # Do not run if security-agent.yaml does not exist
  test -f <%= etc_dir %>/security-agent.yaml || { stop ; exit 0; }

  # Manual rotation of errors log
  log_file_size=`du -b /var/log/datadog/security-errors.log | cut -f1`
  if [ -n "$log_file_size" ] && [ $log_file_size -gt 5242880 ]; then
    # Rotate log file if it's larger than 5MB
    mv /var/log/datadog/security-errors.log /var/log/datadog/security-errors.log.1
  fi
end script

post-stop script
  rm -f <%= install_dir %>/run/security-agent.pid
end script
